PAN agent 3.1.1 connectivity problem

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PAN agent 3.1.1 connectivity problem

Not applicable

Hi All,

I am using PA 2020 and running v3.1.2 with PAN agent v3.1.1. However, the PAN firewall cannot get the info from agent with below error. It capture from PAN agent log file.

2010 05 26 15:08:37, New Connection(10.123.10.107:39564) Socket(652)
2010 05 26 15:08:38, SSL read error in pan_host_agent_rcv_data -2-16-0
2010 05 26 15:08:38, Connection(1) is closed!

Anyone have similar experience? Thanks!

Johnny

1 accepted solution

Accepted Solutions

L4 Transporter

Hello Johnny,

the Paloalto device communticates with the Pan agent via ssl connections.

Usually the error just means there is some connectivity issue betweent he paloalto device and the machine that is running the pan agent.

So typically the reasons that would cause this are:

If there is a firewall between the paloalto management and the machine running the pan agent

turn off the windows firewall or configure an exception for it in the Windows firewall config

make sure there is no virus scanning (i.e. symantech antivirus) running on the machine that the pan agent is installed on.

make sure that the port that you have configured between the paloalto device and the pan agent is available and not being used by some other application running on the machine....you can verify this with a netstat -an on the command line of the machine running the pan agent

......always try to choose a high port number when configuring the pan agent to ensure it will not be a port that some other application uses.

If you have verified the above and you are still getting errors, please go aheand and call into support in order that we can help to troubleshoot further.

thamk you,

Stephen Whyte

View solution in original post

6 REPLIES 6

L4 Transporter

Hello Johnny,

the Paloalto device communticates with the Pan agent via ssl connections.

Usually the error just means there is some connectivity issue betweent he paloalto device and the machine that is running the pan agent.

So typically the reasons that would cause this are:

If there is a firewall between the paloalto management and the machine running the pan agent

turn off the windows firewall or configure an exception for it in the Windows firewall config

make sure there is no virus scanning (i.e. symantech antivirus) running on the machine that the pan agent is installed on.

make sure that the port that you have configured between the paloalto device and the pan agent is available and not being used by some other application running on the machine....you can verify this with a netstat -an on the command line of the machine running the pan agent

......always try to choose a high port number when configuring the pan agent to ensure it will not be a port that some other application uses.

If you have verified the above and you are still getting errors, please go aheand and call into support in order that we can help to troubleshoot further.

thamk you,

Stephen Whyte

Hi Stephen,

Thanks and I turn off the firewall in my Windows 2008 server but still not work. I will contact support and investigate the case.

Johnny

Not applicable

Hello,

could you find out finally what was the problem?

I got the same problem right now :smileyconfused:

Thank you in advance.

Not applicable

I had this issue to and contacted support I was told it was an issue within the 3.1 releases and to downgrade to 3.0.8.

3.1.3 is supposed to fix this issue and should be out at the first part of July.

3.1.3 was released last night.

Not applicable

Thanks guys !! Smiley Happy

  • 1 accepted solution
  • 3569 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!